RSS   Vulnerabilities for 'Mp4v2'   RSS

2018-07-20
 
CVE-2018-14446

CWE-119
 

 
MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.

 
2018-07-19
 
CVE-2018-14403

CWE-704
 

 
MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.

 
2018-07-18
 
CVE-2018-14379

CWE-704
 

 
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.

 
2018-07-16
 
CVE-2018-14326

CWE-190
 

 
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.

 
 
CVE-2018-14325

CWE-191
 

 
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.

 
2018-07-13
 
CVE-2018-14054

CWE-415
 

 
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.

 

 >>> Vendor: Techsmith 4 Products
Camtasia studio
Snagit
Camtasia relay
Mp4v2


Copyright 2024, cxsecurity.com

 

Back to Top